OIX has this week released a comprehensive, user centric, technology agnostic guide to trust framework contents, roles, governance and interoperability.
This new guide builds on ten years of work by the Open Identity Exchange to define and promote the need for trust frameworks to allow for the acceptance of digital identities and associated trusted information.
The guide covers achieving trust for both a user’s identity and for eligibility information.
It is available as a document and also as an easy to navigate web-guide on the brand new OIX website.
The OIX Guide to Trust Frameworks is designed to provide an expert view on what a good trust framework might look like, by detailing its salient components: the principles, content, roles and responsibilities.
The guide provides comprehensive, practitioner informed descriptions along with real-world examples of all the potential components in a trust framework by defining it within the following context:
- User services (e.g. Consent, multiplicity, ID creation etc.)
- Organisational services (e.g. User access, ID Assurance, Liability, SLAs etc.)
- Trust rules (e.g. Proofing, authentication, assurance etc.)
- General rules (e.g. MI, audit, fraud controls etc.)
- Security and Technical Requirements
- Governance (e.g. Certification, enrolment, operations etc.)
Additionally, it defines and details the roles and responsibilities within a framework, outlining the functions, input and outputs of each party within the framework.
This guide will help:
- Designers and implementors of Trust Frameworks consider what should be implemented to ensure user centric services and to achieve interoperability.
- Relying Parties who want to access trusted identity and eligibility information understand why they can trust services that are aligned with, or certified to, trust frameworks.
- Regulators and other stakeholders understand the need for a Trust Framework and what it should contain.
The identity community uses a plethora of specialist terminology. In order to try and standardise the vernacular OIX has created a separate Glossary of Identity Terms, including common synonyms. This is also available on the OIX website.
Existing OIX papers, such as ‘How to Approach Liability’ and ‘Blueprint for National and International Oversight of the Digital Identity Market’ are linked into the web version of the guide at the relevant section to allow the reader to drill down into the detail of how trust and interoperability can be achieved.
How will the guide be developed?
During the course of 2020 this guide will link to further, more detailed, reference guides with a particular view on designing-in interoperability, both within and between trust frameworks.
Through a number of working groups, OIX creating detailed guides to: Principles, Trustmarks, ID Proofing and Authentication, Fraud Controls and Technical Interoperability
If you have an questions or feedback please get in touch with me directly via firstname.lastname@example.org